The expiration time of a version 4 OpenPGP key is specified in the "key expiration time" extension of a self-signature made over that key. SecureBlackbox adds this extension automatically if you pass a non-zero Expires value to the Generate() method.

You can prolong the lifetime of the key by removing the existing self-signature (which contains the old expiration time) and creating a new one (with the new expiration time). Please note that you need the secret key to create a new self-signature.

In this case you still need to make sure that the updated copy of the public key reaches every environment where your original key resides (e.g. partners, key servers etc.). Any copy that is not replaced keeps the old self-signature and therefore the old expiration time.

The existing signature carrying the expiration date can be removed with the TElPGPPublicKey.RemoveSignature() method. A new signature with an updated expiration date can be generated and added in the following way:

// creating a signature object
TElPGPSignature selfSig = new TElPGPSignature();
// setting key expiration time (in days from key generation moment)
selfSig.KeyExpirationTime = 200;
// creating a direct signature over the public key
pgpSecKey.DirectSign(pgpPubKey, selfSig);
// adding the created signature to the public key
pgpPubKey.AddSignature(selfSig);

Version 4 OpenPGP keys do not store the expiration date directly in the key. Instead, the number of days to expire is stored in a self-signature attached to this key. So what you see is correct: it is the signature where the expiration date should be changed.
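
To check which expiration a given copy of the public key actually carries, you can read the self-signature's subpacket area directly. The following is an added example, not SecureBlackbox code: it parses a V4 signature subpacket area as defined in RFC 4880, where the key expiration time subpacket (type 9) holds a 4-octet offset in seconds from the key creation time. The function names and the sample bytes are constructed for illustration, and no signature verification is performed.

```python
from datetime import datetime, timedelta, timezone

KEY_EXPIRATION_TIME = 9  # subpacket type, RFC 4880 section 5.2.3.6

def parse_subpackets(area: bytes) -> dict:
    """Return {type: data} for a V4 signature subpacket area (RFC 4880, 5.2.3.1)."""
    out, i = {}, 0
    while i < len(area):
        first = area[i]
        if first < 192:        # one-octet length
            length, i = first, i + 1
        elif first < 255:      # two-octet length
            length = ((first - 192) << 8) + int.from_bytes(area[i + 1:i + 2], "big") + 192
            i += 2
        else:                  # five-octet length
            length = int.from_bytes(area[i + 1:i + 5], "big")
            i += 5
        if length < 1 or i + length > len(area):
            raise ValueError("truncated or malformed subpacket")
        out[area[i] & 0x7F] = area[i + 1:i + length]  # top bit of the type is the critical flag
        i += length
    return out

def key_expiry(key_created: datetime, hashed_area: bytes):
    """Absolute expiry stated by one self-signature, or None if the key never expires."""
    raw = parse_subpackets(hashed_area).get(KEY_EXPIRATION_TIME)
    if raw is None:
        return None
    if len(raw) != 4:
        raise ValueError("key expiration time must be 4 octets")
    seconds = int.from_bytes(raw, "big")  # offset from key creation, not from signing
    return key_created + timedelta(seconds=seconds) if seconds else None

def subpacket(sub_type: int, data: bytes) -> bytes:
    """Encode a short subpacket (one-octet length form only), for the sample data."""
    return bytes([len(data) + 1, sub_type]) + data

# Constructed sample: one key, its old self-signature (100 days) and the new one (200 days).
# Type 2 is the signature creation time; type 9 is the key expiration time.
KEY_CREATED = datetime(2024, 1, 1, tzinfo=timezone.utc)
OLD_AREA = subpacket(2, (1704067200).to_bytes(4, "big")) + subpacket(9, (100 * 86400).to_bytes(4, "big"))
NEW_AREA = subpacket(2, (1711929600).to_bytes(4, "big")) + subpacket(9, (200 * 86400).to_bytes(4, "big"))

if __name__ == "__main__":
    print("stale copy expires:  ", key_expiry(KEY_CREATED, OLD_AREA))
    print("updated copy expires:", key_expiry(KEY_CREATED, NEW_AREA))
```

Because the offset counts from the key creation time, re-signing does not restart the clock: a copy that still holds the old self-signature reports the earlier date until it is replaced.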
